Which versions of LiteLLM are affected by CVE-2026-42271?

LiteLLM proxy server versions 1.74.2 through 1.83.6 contain a remote command execution vulnerability that allows any authenticated user with a valid API key to execute arbitrary commands with proxy…. A patch is available.

LiteLLM CVE-2026-42271

Q: What is the CVSS score of CVE-2026-42271?

CVE-2026-42271 has a CVSS 4.0 base score of 8.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-28507 HIGH

Command Injection (CWE-77)

2026-05-08 GitHub_M

GHSA-v4p8-mg3p-g94g

Command Injection

8.7

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Patch available

May 08, 2026 - 05:01 EUVD

Source Code Evidence Fetched

May 08, 2026 - 04:32 vuln.today

Analysis Generated

May 08, 2026 - 04:32 vuln.today

CVSS changed

May 08, 2026 - 04:22 NVD

8.7 (HIGH)

CVE Published

May 08, 2026 - 03:35 nvd

HIGH 8.7

DescriptionNVD

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it - POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list - accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio configuration, the endpoints attempted to connect, which spawned the supplied command as a subprocess on the proxy host with the privileges of the proxy process. The endpoints were gated only by a valid proxy API key, with no role check. Any authenticated user - including holders of low-privilege internal-user keys - could therefore run arbitrary commands on the host. This issue has been patched in version 1.83.7.

AnalysisAI

Remote command execution in LiteLLM proxy server versions 1.74.2 through 1.83.6 allows any authenticated user to execute arbitrary commands on the host system. Two MCP (Model Context Protocol) test endpoints accept stdio transport configurations including command, args, and env fields, then spawn the supplied command as a subprocess with proxy process privileges. …

RemediationAI

Within 24 hours: Inventory all LiteLLM proxy deployments and confirm versions currently in use; restrict network access to proxy servers to trusted hosts only and review API key distribution practices. Within 7 days: Upgrade all instances to LiteLLM version 1.83.7 or later; rotate all API keys post-upgrade. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-42271 vulnerability details – vuln.today

Back

LiteLLM CVE-2026-42271

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

LiteLLM CVE-2026-42271

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code